cvelistv5 - CVE-2007-1257

CVE-2007-1257 (GCVE-0-2007-1257)

Vulnerability from cvelistv5 – Published: 2007-03-03 20:00 – Updated: 2024-08-07 12:50

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.cisco.com/warp/public/707/cisco-sa-200…	vendor-advisoryx_refsource_CISCO
	http://www.kb.cert.org/vuls/id/472412	third-party-advisoryx_refsource_CERT-VN
	http://www.vupen.com/english/advisories/2007/0783	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/24344	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/22751	vdb-entryx_refsource_BID
	http://osvdb.org/33066	vdb-entryx_refsource_OSVDB
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securitytracker.com/id?1017710	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:35.161Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070228 Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml"
          },
          {
            "name": "VU#472412",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/472412"
          },
          {
            "name": "ADV-2007-0783",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0783"
          },
          {
            "name": "24344",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24344"
          },
          {
            "name": "22751",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22751"
          },
          {
            "name": "33066",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33066"
          },
          {
            "name": "oval:org.mitre.oval:def:5188",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188"
          },
          {
            "name": "cisco-catalyst-nam-unauthorized-access(32750)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750"
          },
          {
            "name": "1017710",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017710"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM\u0027s own IP address."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070228 Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml"
        },
        {
          "name": "VU#472412",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/472412"
        },
        {
          "name": "ADV-2007-0783",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0783"
        },
        {
          "name": "24344",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24344"
        },
        {
          "name": "22751",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22751"
        },
        {
          "name": "33066",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33066"
        },
        {
          "name": "oval:org.mitre.oval:def:5188",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188"
        },
        {
          "name": "cisco-catalyst-nam-unauthorized-access(32750)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750"
        },
        {
          "name": "1017710",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017710"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1257",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM\u0027s own IP address."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070228 Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml"
            },
            {
              "name": "VU#472412",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/472412"
            },
            {
              "name": "ADV-2007-0783",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0783"
            },
            {
              "name": "24344",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24344"
            },
            {
              "name": "22751",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22751"
            },
            {
              "name": "33066",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33066"
            },
            {
              "name": "oval:org.mitre.oval:def:5188",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188"
            },
            {
              "name": "cisco-catalyst-nam-unauthorized-access(32750)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750"
            },
            {
              "name": "1017710",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017710"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1257",
    "datePublished": "2007-03-03T20:00:00",
    "dateReserved": "2007-03-03T00:00:00",
    "dateUpdated": "2024-08-07T12:50:35.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:network_analysis_module:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD82BCCE-F68A-48A5-B484-98D9C3024E3A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-1:2.2\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A2AF1C7-23EB-4C13-AC71-4FA7E78E8ED7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-2:2.2\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2C1E3F7-D48E-4AF1-8205-33EB71E09E09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:catalyst_6000_ws-x6380-nam:3.1\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2DF345D-AD8A-4DE6-8136-6EF7B011E4B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC58B690-8D30-4A04-82AA-A827F87DEE02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41491D13-A3F9-464A-A84B-A58320838CBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD4D3F34-A1B3-4469-BF21-666FDAE9198B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:2.2\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B64454B8-75A5-4A63-A4DC-ECA17CFBCD7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:2.2\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19A1FA93-21B3-4CD4-8A62-C66D82CFB2D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:3.1\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32583745-9640-4032-B1E1-598ABB4E89A0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM\u0027s own IP address.\"}, {\"lang\": \"es\", \"value\": \"El M\\u00f3dulo Network Analysis (NAM) del Cisco Catalyst Series 6000, 6500 y 7600 permite a atacantes remotos ejecutar comandos de su elecci\\u00f3n mediante ciertos paquetes SNMP que son simulados desde la propia direcci\\u00f3n IP del NAM.\"}]",
      "evaluatorComment": "Per: http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml#@ID\r\n\r\n\"Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Internetwork Operating System (IOS) or Catalyst Operating System (CatOS). \"",
      "id": "CVE-2007-1257",
      "lastModified": "2024-11-21T00:27:53.570",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-03-03T20:19:00.000",
      "references": "[{\"url\": \"http://osvdb.org/33066\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/24344\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/472412\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/22751\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1017710\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0783\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/32750\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/33066\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/472412\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/22751\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1017710\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0783\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/32750\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1257\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-03-03T20:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM\u0027s own IP address.\"},{\"lang\":\"es\",\"value\":\"El M\u00f3dulo Network Analysis (NAM) del Cisco Catalyst Series 6000, 6500 y 7600 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n mediante ciertos paquetes SNMP que son simulados desde la propia direcci\u00f3n IP del NAM.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:network_analysis_module:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD82BCCE-F68A-48A5-B484-98D9C3024E3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-1:2.2\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2AF1C7-23EB-4C13-AC71-4FA7E78E8ED7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-2:2.2\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2C1E3F7-D48E-4AF1-8205-33EB71E09E09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:catalyst_6000_ws-x6380-nam:3.1\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2DF345D-AD8A-4DE6-8136-6EF7B011E4B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC58B690-8D30-4A04-82AA-A827F87DEE02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41491D13-A3F9-464A-A84B-A58320838CBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD4D3F34-A1B3-4469-BF21-666FDAE9198B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:2.2\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B64454B8-75A5-4A63-A4DC-ECA17CFBCD7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:2.2\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19A1FA93-21B3-4CD4-8A62-C66D82CFB2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:3.1\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32583745-9640-4032-B1E1-598ABB4E89A0\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/33066\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24344\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/472412\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/22751\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1017710\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0783\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/32750\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/33066\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/472412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/22751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1017710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0783\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/32750\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Per: http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml#@ID\\r\\n\\r\\n\\\"Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Internetwork Operating System (IOS) or Catalyst Operating System (CatOS). \\\"\"}}"
  }
}

VAR-200703-0084

Vulnerability from variot - Updated: 2023-12-18 12:39

The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. According to Cisco Systems information NAM Model number WS-SVC-NAM-1, WS-SVC-NAM-2, WS-X6380-NAM Will be affected. For details, check the information provided by the vendor.Crafted by a third party SNMP Arbitrary commands may be executed due to packet processing. According to Cisco Systems information, the device may be completely controlled. An attacker can leverage this issue to gain complete control of the affected device. NAM uses the Simple Network Management Protocol (SNMP) to communicate with the Catalyst system.

Want a new job? http://secunia.com/secunia_vacancies/

Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/

TITLE: Cisco Products NAM SNMP Spoofing Vulnerability

SECUNIA ADVISORY ID: SA24344

VERIFY ADVISORY: http://secunia.com/advisories/24344/

CRITICAL: Moderately critical

IMPACT: System access

WHERE:

From local network

OPERATING SYSTEM: Cisco IOS R12.x http://secunia.com/product/50/ Cisco IOS 12.x http://secunia.com/product/182/ Cisco CATOS 8.x http://secunia.com/product/3564/ Cisco CATOS 7.x http://secunia.com/product/185/

SOFTWARE: Cisco Catalyst 6500 Series Network Analysis Module (NAM-1/NAM-2) http://secunia.com/product/2272/ Cisco Catalyst 6500 Series Network Analysis Module (First Generation) http://secunia.com/product/2271/

DESCRIPTION: A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system.

SOLUTION: Update to a fixed version (see vendor advisory for details). http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200703-0084",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "catalyst 6500 ws-svc-nam-2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.2\\(1a\\)"
      },
      {
        "model": "catalyst 6500 ws-svc-nam-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.2\\(1a\\)"
      },
      {
        "model": "catalyst 6000 ws-svc-nam-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.2\\(1a\\)"
      },
      {
        "model": "catalyst 6000 ws-svc-nam-2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.2\\(1a\\)"
      },
      {
        "model": "catalyst 6000 ws-x6380-nam",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.1\\(1a\\)"
      },
      {
        "model": "catalyst 7600 ws-x6380-nam",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.1\\(1a\\)"
      },
      {
        "model": "catalyst 7600 ws-svc-nam-1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.2\\(1a\\)"
      },
      {
        "model": "catalyst 6500 ws-x6380-nam",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.1\\(1a\\)"
      },
      {
        "model": "catalyst 7600 ws-svc-nam-2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.2\\(1a\\)"
      },
      {
        "model": "network analysis module",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "7600 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst 6000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catalyst 6500 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ex",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2za",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sxf",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sxe",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sxd",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sxb",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sxa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sx",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sgb",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sga",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sg",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ixb",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ixa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ewa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2ew",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2eu",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios zu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.2"
      },
      {
        "model": "ios 12.1ex",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(5)"
      },
      {
        "model": "catos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(4)"
      },
      {
        "model": "catos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(3)"
      },
      {
        "model": "catos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(2)"
      },
      {
        "model": "catos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(1)"
      },
      {
        "model": "catos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6(19)"
      },
      {
        "model": "catos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6(18)"
      },
      {
        "model": "catos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6(17)"
      },
      {
        "model": "catos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6(16)"
      },
      {
        "model": "catos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6(15)"
      },
      {
        "model": "catalyst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6500"
      },
      {
        "model": "catalyst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7600"
      },
      {
        "model": "ios 12.2 sra2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sga1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sg1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 zu1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sxf5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sxe6a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 sxd7a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 s5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 ixb2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2 s3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "catos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(6)"
      },
      {
        "model": "catos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.5(5.3)"
      },
      {
        "model": "catos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6(20)"
      },
      {
        "model": "catos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6(19.2)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#472412"
      },
      {
        "db": "BID",
        "id": "22751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000183"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1257"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-133"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:network_analysis_module:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6000_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-1257"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-133"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-1257",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-1257",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-24619",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-1257",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#472412",
            "trust": 0.8,
            "value": "9.37"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200703-133",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-24619",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#472412"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24619"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000183"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1257"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-133"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM\u0027s own IP address. According to Cisco Systems information NAM Model number WS-SVC-NAM-1, WS-SVC-NAM-2, WS-X6380-NAM Will be affected. For details, check the information provided by the vendor.Crafted by a third party SNMP Arbitrary commands may be executed due to packet processing. According to Cisco Systems information, the device may be completely controlled. \nAn attacker can leverage this issue to gain complete control of the affected device. NAM uses the Simple Network Management Protocol (SNMP) to communicate with the Catalyst system. \n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Products NAM SNMP Spoofing Vulnerability\n\nSECUNIA ADVISORY ID:\nSA24344\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24344/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nCisco IOS R12.x\nhttp://secunia.com/product/50/\nCisco IOS 12.x\nhttp://secunia.com/product/182/\nCisco CATOS 8.x\nhttp://secunia.com/product/3564/\nCisco CATOS 7.x\nhttp://secunia.com/product/185/\n\nSOFTWARE:\nCisco Catalyst 6500 Series Network Analysis Module (NAM-1/NAM-2)\nhttp://secunia.com/product/2272/\nCisco Catalyst 6500 Series Network Analysis Module (First Generation)\nhttp://secunia.com/product/2271/\n\nDESCRIPTION:\nA vulnerability has been reported in various Cisco products, which\ncan be exploited by malicious people to compromise a vulnerable\nsystem. \n\nSOLUTION:\nUpdate to a fixed version (see vendor advisory for details). \nhttp://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-1257"
      },
      {
        "db": "CERT/CC",
        "id": "VU#472412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000183"
      },
      {
        "db": "BID",
        "id": "22751"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24619"
      },
      {
        "db": "PACKETSTORM",
        "id": "54746"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#472412",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "22751",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1257",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "24344",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1017710",
        "trust": 2.5
      },
      {
        "db": "OSVDB",
        "id": "33066",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0783",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000183",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-133",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "32750",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20070228 CISCO CATALYST 6000, 6500 SERIES AND CISCO 7600 SERIES NAM (NETWORK ANALYSIS MODULE) VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:5188",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-24619",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "54746",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#472412"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24619"
      },
      {
        "db": "BID",
        "id": "22751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000183"
      },
      {
        "db": "PACKETSTORM",
        "id": "54746"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1257"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-133"
      }
    ]
  },
  "id": "VAR-200703-0084",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24619"
      }
    ],
    "trust": 0.4056849
  },
  "last_update_date": "2023-12-18T12:39:53.932000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20070228-nam",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000183"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24619"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000183"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1257"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml"
      },
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/472412"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/22751"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/33066"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1017710"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/24344"
      },
      {
        "trust": 1.1,
        "url": "http://www.cisco.com/en/us/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a0080394e09.html"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5188"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/0783"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/24344/"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-air-20070228-nam.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2007/feb/1017710.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1257"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-1257"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/32750"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/0783"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5188"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/50/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3564/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/disassembling_og_reversing/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2271/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_vacancies/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2272/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/182/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/185/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#472412"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24619"
      },
      {
        "db": "BID",
        "id": "22751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000183"
      },
      {
        "db": "PACKETSTORM",
        "id": "54746"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1257"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-133"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#472412"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24619"
      },
      {
        "db": "BID",
        "id": "22751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000183"
      },
      {
        "db": "PACKETSTORM",
        "id": "54746"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1257"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-133"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#472412"
      },
      {
        "date": "2007-03-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24619"
      },
      {
        "date": "2007-02-28T00:00:00",
        "db": "BID",
        "id": "22751"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000183"
      },
      {
        "date": "2007-03-05T23:12:53",
        "db": "PACKETSTORM",
        "id": "54746"
      },
      {
        "date": "2007-03-03T20:19:00",
        "db": "NVD",
        "id": "CVE-2007-1257"
      },
      {
        "date": "2007-02-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200703-133"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#472412"
      },
      {
        "date": "2017-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24619"
      },
      {
        "date": "2015-05-12T19:34:00",
        "db": "BID",
        "id": "22751"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000183"
      },
      {
        "date": "2017-10-11T01:31:48.097000",
        "db": "NVD",
        "id": "CVE-2007-1257"
      },
      {
        "date": "2009-03-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200703-133"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-133"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Catalyst Systems with a NAM may allow system access via spoofing the SNMP communication",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#472412"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-133"
      }
    ],
    "trust": 0.6
  }
}

GHSA-M2J7-6Q7V-WMPQ

Vulnerability from github – Published: 2022-05-01 17:51 – Updated: 2022-05-01 17:51

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-03-03T20:19:00Z",
    "severity": "HIGH"
  },
  "details": "The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM\u0027s own IP address.",
  "id": "GHSA-m2j7-6q7v-wmpq",
  "modified": "2022-05-01T17:51:44Z",
  "published": "2022-05-01T17:51:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1257"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/33066"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24344"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/472412"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22751"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017710"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0783"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-1257

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1257

Aliases

CVE-2007-1257

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1257",
    "description": "The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM\u0027s own IP address.",
    "id": "GSD-2007-1257"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1257"
      ],
      "details": "The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM\u0027s own IP address.",
      "id": "GSD-2007-1257",
      "modified": "2023-12-13T01:21:40.100468Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1257",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM\u0027s own IP address."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20070228 Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml"
          },
          {
            "name": "VU#472412",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/472412"
          },
          {
            "name": "ADV-2007-0783",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0783"
          },
          {
            "name": "24344",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24344"
          },
          {
            "name": "22751",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22751"
          },
          {
            "name": "33066",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/33066"
          },
          {
            "name": "oval:org.mitre.oval:def:5188",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188"
          },
          {
            "name": "cisco-catalyst-nam-unauthorized-access(32750)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750"
          },
          {
            "name": "1017710",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017710"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:network_analysis_module:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6000_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1257"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM\u0027s own IP address."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070228 Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml"
            },
            {
              "name": "VU#472412",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/472412"
            },
            {
              "name": "22751",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22751"
            },
            {
              "name": "1017710",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017710"
            },
            {
              "name": "24344",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24344"
            },
            {
              "name": "33066",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/33066"
            },
            {
              "name": "ADV-2007-0783",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0783"
            },
            {
              "name": "cisco-catalyst-nam-unauthorized-access(32750)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750"
            },
            {
              "name": "oval:org.mitre.oval:def:5188",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-10-11T01:31Z",
      "publishedDate": "2007-03-03T20:19Z"
    }
  }
}

FKIE_CVE-2007-1257

Vulnerability from fkie_nvd - Published: 2007-03-03 20:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/33066
cve@mitre.org	http://secunia.com/advisories/24344	Vendor Advisory
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml	Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/472412	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/22751
cve@mitre.org	http://www.securitytracker.com/id?1017710
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0783
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32750
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/33066
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24344	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/472412	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22751
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017710
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0783
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32750
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188

Impacted products

Vendor	Product	Version
cisco	network_analysis_module	*
cisco	catalyst_6000_ws-svc-nam-1	2.2\(1a\)
cisco	catalyst_6000_ws-svc-nam-2	2.2\(1a\)
cisco	catalyst_6000_ws-x6380-nam	3.1\(1a\)
cisco	catalyst_6500_ws-svc-nam-1	2.2\(1a\)
cisco	catalyst_6500_ws-svc-nam-2	2.2\(1a\)
cisco	catalyst_6500_ws-x6380-nam	3.1\(1a\)
cisco	catalyst_7600_ws-svc-nam-1	2.2\(1a\)
cisco	catalyst_7600_ws-svc-nam-2	2.2\(1a\)
cisco	catalyst_7600_ws-x6380-nam	3.1\(1a\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:network_analysis_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD82BCCE-F68A-48A5-B484-98D9C3024E3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1A2AF1C7-23EB-4C13-AC71-4FA7E78E8ED7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C1E3F7-D48E-4AF1-8205-33EB71E09E09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E2DF345D-AD8A-4DE6-8136-6EF7B011E4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EC58B690-8D30-4A04-82AA-A827F87DEE02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "41491D13-A3F9-464A-A84B-A58320838CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DD4D3F34-A1B3-4469-BF21-666FDAE9198B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B64454B8-75A5-4A63-A4DC-ECA17CFBCD7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "19A1FA93-21B3-4CD4-8A62-C66D82CFB2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "32583745-9640-4032-B1E1-598ABB4E89A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM\u0027s own IP address."
    },
    {
      "lang": "es",
      "value": "El M\u00f3dulo Network Analysis (NAM) del Cisco Catalyst Series 6000, 6500 y 7600 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n mediante ciertos paquetes SNMP que son simulados desde la propia direcci\u00f3n IP del NAM."
    }
  ],
  "evaluatorComment": "Per: http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml#@ID\r\n\r\n\"Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Internetwork Operating System (IOS) or Catalyst Operating System (CatOS). \"",
  "id": "CVE-2007-1257",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-03T20:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33066"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24344"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/472412"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22751"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017710"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0783"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/472412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1257 (GCVE-0-2007-1257)

VAR-200703-0084

GHSA-M2J7-6Q7V-WMPQ

GSD-2007-1257

FKIE_CVE-2007-1257

Tags

Sightings

Nomenclature